SolarWinds uses SSH and scripts to do it's monitoring checks. OK, fine. It has to run as root so that it can make these checks, well, thanks for not implementing SUDO by default. So what happens is the history for root is clobbered by all it's commands/processes for checks. Searching and trying things just doesn't get me the outcome that I (and others) really need, disable the monitoring system from writing history.

While it seemed easy (with issues) was to check and see if there is a connection from the server in .bash_profile (RHEL based).

chkSWOusr=$(w | grep orion)
if [ "$chkSWOusr" == 0 ]; then
shopt -u -o history
fi

Well, if someone needs root and there is a check, they get missed but better than nothing usable. It works when I use shopt on a login but it's not working when I use .bash_profile and tried /etc/profile.d/ script, to preserve /etc/profile from edits.

So I have to ask, there are far smarter and those that know Linux way more than I. Am I barking up the wrong tree? Do I need to disable root history period? Is there a more elegant way to disable root writing to history based on source?

Thanks much LQ community.

Wrt Sudo is this what you're looking for?: https://thwack.solarwinds.com/docs/DOC-178469

Yeah, they don't write the default scripts for sudo, thus there are many scripts to change. Any updates to the system or templates, those manual edits would be over-written. I was hoping to find an approach to avoid the pitfalls of all that. I don't feel I'm going to be able to disable it based on source connection but I thought I'd ask. If this is where I have to go, then I'm going to have to. Maybe disable history in the scripts rather than adding in sudo, if I have to go that route of modifying the defaults.

Thanks unSpawn ....